Deposit Insurance Determination Rule
The Federal Deposit Insurance Corporation (“FDIC”) has adopted a rule establishing new requirements related to information technology (IT) systems capabilities, recordkeeping, testing, reporting and notice requirements for banks with more than 2 million deposit accounts. The rule was developed to assist the FDIC in fulfilling its requirement to provide depositors with rapid access to their insured deposits in case of the failure of a large, covered institution. The rule is effective on April 1, 2017, and covered institutions are required to comply by April 1, 2020 or three years following the date the bank becomes a covered institution.
A covered institution is required to implement changes to its IT systems to enable it to calculate the amount of each depositor’s insured deposit within 24 hours of a failure, to test its capabilities and to file a certification of compliance annually with the FDIC. Generally this determination must be based on information contained in the institution’s records; however, accounts that qualify for “pass through” coverage and brokered deposits can use data held by a third party to make this determination. Covered institutions are also required to file an annual summary deposit insurance report with the FDIC. In addition, the rule contains required information and specific file formats and deposit account codes.
A bank that exceeds the 2 million deposit account threshold must notify the FDIC within 10 business days of the effective date of the rule, April 1, 2017, or of becoming a covered institution (whichever is later). This notice will include the person(s) responsible for implementing the requirements of the rule. The FDIC indicated that 38 institutions meet the covered institution standard currently. Large financial institutions should ensure that they have systems in place to monitor the number of deposit accounts periodically and that includes daily monitoring as they reach the threshold amount.
FFIEC Revises Its Consumer Compliance Rating System
The federal banking agencies (including the Consumer Financial Protection Bureau (“CFPB”) and state regulators) have revised the Uniform Interagency Consumer Compliance Rating System (“CC Rating System”). The CC Rating System was modified to move away from the transaction-testing approach contained in the CC Rating System adopted in 1980 to reflect the agencies’ current risk-based supervision and focuses on the institutions’ compliance management systems (“CMS”).
The new CC Rating System retains the current 1–5 rating scale. It assesses institutions’ compliance using the following three categories: Board and Management Oversight; Compliance Program; and Violations of Law and Consumer Harm, each of which includes various assessment factors that will be used. Those assessment factors are:
Board and Management Oversight
- oversight and commitment to the institution’s CMS;
- effectiveness of the institution’s change management process;
- comprehension, identification and management of risks arising from the institution’s products, services and activities; and
- any corrective action undertaken as consumer compliance issues are identified.
- whether the institution’s policies and procedures are appropriate to the risk in the institution’s products, services and activities;
- the degree to which compliance training is current and tailored to risk and staff responsibilities; the sufficiency of monitoring and, if applicable, auditing, to encompass compliance risks; and the responsiveness and effectiveness of the consumer complaint resolution process.
Violations of Law and Consumer Harm
- the root causes of any violations identified during examinations;
- the severity of any consumer harm resulting from the violations;
- the duration of time over which the violations occurred; and
- the pervasiveness of the violations.
The ratings will not be based on a numerical average of the ratings assigned each category and assessment factor, and the categories and assessment factors are not assigned weights. The FFIEC noted that the relative weigh of each category or assessment factor may vary based on the size, complexity and risk profile of an institution.
The CC Rating System, consistent with agency guidance regarding CMS, will review the institution’s policies, procedures and training; the effectiveness of its consumer complaint and response management; and its management of third-party relationships and services. The CC Rating System also provides incentives for self-identification and prompt correction of violations.
Financial institutions should review their compliance management systems to ensure that they adequately address each category and each of the assessment factors identified by the FFIEC in the new rating system and make changes as appropriate. The new CC Rating System will be effective on March 31, 2017.
Banks should revisit their compliance efforts related to active duty servicemembers and their dependents in light of the CFPB’s continuing focus on UDAAP practices affecting servicemembers, recent amendments to the Military Lending Act (“MLA”), the joint enforcement action by the Office of the Comptroller of the Currency (“OCC”) and the Department of Justice (“DOJ”) regarding automobile repossession activities, the Interagency Military Lending Act Examination Procedures and the DOJ’s recent announcement of a pilot program to provide Servicemembers Civil Relief Act (“SCRA”) enforcement.
While banks may recognize that the SCRA caps interest rates at 6 percent while a servicemember is on active duty, the SCRA includes many other limitations, including requirements related to repossession and foreclosure. The MLA does not apply just to subprime loans and now requires specific oral and written disclosures be given to servicemembers, prohibits arbitration and certain other contract terms and requires a determination of the borrower’s status using either the MLA database or a consumer report to receive the benefit from the safe harbor provision in the MLA regulation, among other requirements.
Financial institutions should become familiar with these recent actions by consumer financial protection and enforcement agencies that identify the broad range of potential compliance risks, including regulatory violation and fair lending and UDAAP actions, that can occur if an institution fails to comply with any aspect of the SCRA or MLA. In addition, they contain valuable guidance that can be used to mitigate those risks and establish successful compliance programs.